#include <Windows.h>#include <TlHelp32.h>#include <stdarg.h>#include <iost

1. #include <Windows.h>
2. #include <TlHelp32.h>
3. #include <stdarg.h>
4. #include <iostream>
5. #include <string>
6.  
7. #pragma region memory
8. int pID;
9. HANDLE process;
10.  
11. DWORD clientModuleSize, clientModuleStart;
12.  
13. bool attachToCsgo() {
14.     HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
15.     PROCESSENTRY32 entry;
16.     entry.dwSize = sizeof(entry);
17.  
18.     do
19.     if (!strcmp(entry.szExeFile, "csgo.exe")) {
20.         pID = entry.th32ProcessID;
21.         CloseHandle(handle);
22.  
23.         process = OpenProcess(PROCESS_VM_READ, false, pID);
24.  
25.         return true;
26.     }
27.     while (Process32Next(handle, &entry));
28.  
29.     return false;
30. }
31.  
32. bool dataCompare(const BYTE* pData, const BYTE* pMask, const char* pszMask) {
33.     for (; *pszMask; ++pszMask, ++pData, ++pMask) {
34.         if (*pszMask == 'x' && *pData != *pMask) {
35.             return false;
36.         }
37.     }
38.  
39.     return (*pszMask == NULL);
40. }
41.  
42. bool loadClientModule() {
43.     HANDLE module = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pID);
44.     MODULEENTRY32 mEntry;
45.     mEntry.dwSize = sizeof(mEntry);
46.  
47.     do {
48.         if (!strcmp(mEntry.szModule, (LPSTR)"client.dll")) {
49.             CloseHandle(module);
50.  
51.             clientModuleSize = mEntry.modBaseSize;
52.             clientModuleStart = (DWORD)mEntry.hModule;
53.             return true;
54.         }
55.     } while (Module32Next(module, &mEntry));
56.  
57.     return false;
58. }
59.  
60. DWORD findPattern(DWORD start, DWORD size, const char* sig, const char* mask) {
61.     BYTE* data = new BYTE[size];
62.     unsigned long bytesRead;
63.  
64.     if (!ReadProcessMemory(process, (LPVOID)start, data, size, &bytesRead)) {
65.         return NULL;
66.     }
67.  
68.     for (DWORD i = 0; i < size; i++) {
69.         if (dataCompare((const BYTE*)(data + i), (const BYTE*)sig, mask)) {
70.             return start + i;
71.         }
72.     }
73.  
74.     return NULL;
75. }
76.  
77. DWORD findPatternArr(DWORD start, DWORD size, const char* mask, int count, ...) {
78.     char* sig = new char[count + 1];
79.     va_list ap;
80.     va_start(ap, count);
81.     for (int i = 0; i < count; i++) {
82.         char read = va_arg(ap, char);
83.         sig[i] = read;
84.     }
85.     va_end(ap);
86.     sig[count] = '\0';
87.  
88.     return findPattern(start, size, sig, mask);
89. }
90.  
91. bool detach() {
92.     if (process) {
93.         return CloseHandle(process);
94.     }
95.     return false;
96. }
97. #pragma endregion
98.  
99. #pragma region offsets
100. DWORD offGameResources = 0x4A0E53C;
101. DWORD offEntityList = 0x49EE2E4;
102. DWORD offRadarBase = 0x4A22F8C;
103. DWORD offRadarBasePointer = 0x50;
104. DWORD offRadarName = 0x24;
105. DWORD offRadarSize = 0x1E0;
106.  
107. // Netvars
108. DWORD offICompWins = 0x1B3C;
109. DWORD offICompRanking = 0x1A38;
110. #pragma endregion
111.  
112. #pragma region actualCode
113. static const char *Ranks[] =
114. {
115.     "No Rank",
116.     "Silver I",
117.     "Silver II",
118.     "Silver III",
119.     "Silver IV",
120.     "Silver Elite",
121.     "Silver Elite Master",
122.  
123.     "Gold Nova I",
124.     "Gold Nova II",
125.     "Gold Nova III",
126.     "Gold Nova Master",
127.     "Master Guardian I",
128.     "Master Guardian II",
129.  
130.     "Master Guardian Elite",
131.     "Distinguished Master Guardian",
132.     "Legendary Eagle",
133.     "Legendary Eagle Master",
134.     "Supreme Master First Class",
135.     "The Global Elite"
136. };
137.  
138. std::string pNames[64];
139. int pRanks[64];
140. int pWins[64];
141. bool loadData() {
142.     DWORD resource;
143.     ReadProcessMemory(process, (LPCVOID)(clientModuleStart + offGameResources), &resource, 4, NULL);
144.  
145.     DWORD radar, radarPointer;
146.     ReadProcessMemory(process, (LPCVOID)(clientModuleStart + offRadarBase), &radar, 4, NULL);
147.     ReadProcessMemory(process, (LPCVOID)(radar + offRadarBasePointer), &radarPointer, 4, NULL);
148.     for (int i = 0; i < 64; i++) {
149.         ReadProcessMemory(process, (LPCVOID)(resource + (offICompRanking + i * 4)), &pRanks[i], 4, NULL);
150.         ReadProcessMemory(process, (LPCVOID)(resource + (offICompWins + i * 4)), &pWins[i], 4, NULL);
151.         wchar_t buffer[32];
152.         ReadProcessMemory(process, (LPCVOID)(radarPointer + (offRadarSize * (i + 2)) + offRadarName), buffer, 32 * sizeof(wchar_t), NULL);
153.         int j = 0;
154.         pNames[i] = "";
155.         while (buffer[j] != '\0') {
156.             pNames[i] += buffer[j];
157.             j++;
158.         }
159.     }
160.     return true;
161. }
162. #pragma endregion
163.  
164. typedef bool(*requireFunc)();
165. void require(requireFunc f, const char* msg) {
166.     std::cout << msg << "... ";
167.     if (f()) {
168.         std::cout << "done.\n";
169.     }
170.     else {
171.         std::cout << "error.\n";
172.         getchar();
173.         exit(1);
174.     }
175. }
176.  
177. int main() {
178.     std::cout << "Merccy's Rank Scanner V1.0\n\n";
179.  
180.     require(attachToCsgo, "Attaching to csgo.exe");
181.    
182.     require(loadClientModule, "Loading client module data");
183.  
184.     require(loadData, "Loading data");
185.  
186.     require(detach, "Detach");
187.  
188.     std::cout << "\n";
189.  
190.     for (int i = 0; i < 64; i++) {
191.         if (pNames[i] == "") continue;
192.  
193.         std::cout << pNames[i] << "\nRank:\t" << Ranks[pRanks[i]] << "\n\n";
194.     }  
195.  
196.     getchar();
197. }